CIS Hardened Image Level 1 on Microsoft Windows Server 2019

The main use cases for Windows Server  involve file sharing, such as file server and network shares. We are not a big organization using Windows Server . We are in the transportation industry, and we have a data center. We have approximately 15 servers and 50 machines, some of them are virtual.

The Active Directory integration helps my organization manage permissions and maintain security policies effectively. The security groups are perfect for what I need. I can give groups of users access to specific subfolders easily through the AD security group instead of adding users individually. You simply add them to a security group and the rest of it follows. This is a good mechanism.

It definitely saves my team a lot of time. It's hard to say exactly how much time it saves, but imagine you need to add five new users to a share. Instead of going in, logging in, and finding the user, I just add the members to the group. Click okay, apply, and they have access to the network shares. I don't even need to access the server directly, which is a nice part of it.

The best features of Windows Server are that it works and gives us everything we need to share files and set security permissions. It is done effectively in terms of the NTFS permissions. I can base them on AD security groups.

I have utilized the Active Directory integration in Windows Server for identity management, and they are on a domain.

We haven't utilized Windows containers and Kubernetes  for deploying any applications. I'm trying to learn it and have started to watch YouTube content for my understanding.

I cannot tell if the security enhancements such as Windows Defender Advanced Threat Protection have contributed to protecting sensitive data.

We have not implemented the failover clustering feature in Windows Server.

I have experience with Windows Server for approximately four to five years.

In terms of stability, I would say it's good. Looking at Windows Server 2025, there are still bugs to fix, but 2019 has been there for years and is pretty stable. It's doing a very good job.

I think Windows Server does a very good job with scalability. From what I've read, it can scale out easily.

I have not dealt with Microsoft customer service or technical support directly. My colleague worked with them, and they were available and helped fix the issue. It worked.

I assess the impact of Hyper-V  technology on our resource utilization and hardware costs as very attractive after Broadcom killed VMware for small companies. That's why I'm looking at other technologies and what people say about them.

The initial setup of Windows Server is straightforward in my opinion. It comes with lots of features or things by default. It's already set up with a certain level of security and other things that require hardening based on our company policies, but it's straightforward. It's doing its job and comes ready to continue the setup.

I do not have experience with Azure  products or Citrix. I'm getting to know what other people are saying about the product.

I do not deal with any other types of products such as Cisco, Fortinet, Palo Alto, or testing tools. I just work with Windows Server.

I do not deal with other products such as Windows Server AppFabric  or WSUS , Windows Server Update Services . It's an old-style pure server, on-premises, physical.

I use patch management, such as the update services. We do have it, but it's not me who's taking care of it.

I see lots of new features that Microsoft brings into Windows Server 2025. I understand it's not ready for a general release yet. It's definitely very interesting with the new features and focused a lot on the cloud part of it, so it's something to explore.

I can't say which specific feature I'm most looking forward to seeing since I don't deal with cloud. I don't have it in my environment, but I'm trying to learn it. I'm keeping up with my reading about it, so once I have a better understanding, maybe we can try something.

I am still a system administrator with TFI International.

On a scale of 1-10, I rate Windows Server a 9.

My purpose for using Windows Server  is mostly for Microsoft workloads, which includes ERP , NAV, NAVISION, and for 365 Dynamics, as we have recently migrated to 365 Dynamics from an on-prem Microsoft Dynamics  solution. We utilize Active Directory, Windows Server  for MS SQL  Server, and SharePoint , and we are already a customer for Azure  cloud as well.

From my personal perspective, the most beneficial functions and features of Windows Server are predominantly its services for Active Directory, as well as its support for SQL Server  and any .NET or ASP.NET  applications that we have hosted using the IIS  server.

Windows Server helps with our data protection strategies through Microsoft security services. On top of Microsoft Server, we have to use certain third-party applications; while Microsoft server services provide good host-level security, external application level security often requires additional third-party solutions.

Regarding drawbacks of Windows Server, the solution can definitely be improved, as it is quite vulnerable since Windows is widely adopted in the industry, making it an easier target. We need to ensure that we have antivirus running; while Windows Defender antivirus has improved, it still lacks in areas such as behavioral analysis, and AI-based attacks are not very efficiently detected.

We use third-party applications for app controls and manage Privileged Access Management  with third-party integration, even if we use the AD topology. We also rely on third-party solutions for multi-factor authentication.

I have been working with Windows Server for quite a long time. My experience spans more than 35 years, and in this organization, I have been here for almost around 14 to 15 years.

The installation of Windows Server is quite easy, but Windows Server tends to be a little resource-hungry, and customization from a server standpoint is limited, which is my perspective.

Regarding stability, the experience can depend on housekeeping practices. If maintenance is regular, I don't encounter many day-to-day challenges. However, if maintenance is neglected for an extended period, performance issues and contention may arise, but overall, it remains pretty controllable.

In terms of scalability, Windows Server does have certain challenges; many tools are proprietary to Windows Server. For instance, it doesn't have a default load balancer, and although licensing models differ when using cluster service, scalability is not fundamentally a challenge. The cost of the operating system version can impose different challenges, though.

The technical support from Microsoft is one of the best, though there can be challenges when it comes to priority zero or critical issues, where the queue can be longer.

If I were to rate Microsoft support from one to ten, I would rate it around eight to eight plus.

Positive

Working with Windows Server does save me time and money. The return on investment is evident as having efficient resources to manage our infrastructure means we are less dependent on costly external support from Microsoft. An in-house team can manage things quite efficiently without needing additional assistance.

In terms of ROI, it saves us roughly 10 to 20% in terms of time and resources.

The cost associated with Windows Server—considering pricing, licensing, and setup—is expensive, no doubt.

Maintenance of Windows Server varies by organization, but for us, it's not very difficult as we have in-house resources managing these tasks. However, it can become a bit tricky when we want to see a collated view of our security posture.

Regarding AI integrations with Windows Server, Copilot adoption is progressing, though I have only experienced it on endpoints and not on the server side. We operate significant workloads on AI, but we consume those primarily on Linux rather than Windows Server.

I don't have much experience regarding integration capabilities in Windows Server for AI workloads, so I may not be the right person to provide insights on that.

Overall, I am quite happy with my experience using Windows Server. I don't have many constraints or concerns, so I would rate it eight out of ten.

I administer Windows Server . We have Windows 10  and are migrating to Windows 11  under my organization. The people who work with me are handling the migration right now.

We have several servers, most of them Windows Server . We have a couple of Linux servers, but most of our servers are Windows Server. We maintain the normal infrastructure, including domain controller. We still have a file server and other specific servers. We have an Exchange Server that is only for hybrid purposes as we use Exchange Online . For specific tasks, we need a server to be managed. 

Several years of improvements have been made to the software itself. In the '90s, it was poorly reliable. Now it's very reliable; you can spin up a Windows Server box, and it will run without needing to reboot unless updating. It's quite secure, which wasn't the case previously. They improved security over the years. It's a standard, compatible and backwards compatible with several pieces of software, and it's a standard platform where you can find practically any server software that you need. For me, it's a standard platform right now. They gained the market over the years.

It's difficult to see improvements when using it daily. They improved compatibility with other platforms, such as Linux. One improvement I was thinking about some years ago was the ability to manage an on-premises server from Azure . Now, they have created Azure  Arc, and we are using it as a very good way of managing on-premises servers.

What can be improved is on the Azure side. With Active Directory on the server side and Entra ID on the Azure side in our hybrid environment, we find issues with data syncing to Entra ID. In Entra ID, Microsoft omitted some parameters. In Active Directory, you can put an expiring date to an account, but you cannot do that in Entra ID. We have other means of doing that, but it's common to have consultants working for six months, requiring account expiration or renewal processes.

The Entra ID Connect syncing tool could be improved. Though they moved the service to Azure and use an agent instead of having a dedicated server, it remains cumbersome to set up due to the differences between Entra ID and Active Directory.

I have used Windows Server since Windows NT 3.1 in 1993.

I would rate stability as nine. I don't tend to rate ten because nothing is perfect.

I support it myself and don't recall having any issues requiring Microsoft assistance for Windows Server. I usually solve issues myself. In the '90s, I was at Microsoft on an internship, receiving good training on the internals of Windows NT, which is the basis for the actual Windows Server. Though it has changed significantly, the inner workings remain generally the same.

It's quite scalable. I would rate it nine because it's very scalable internally, and you can use federation to connect to other systems. During company fusions, it's straightforward to connect them if you understand the process. You can use external authentication features to authenticate with Facebook, Google, or Apple. It's quite flexible, scalable, and can manage a tremendous amount of users. My current company is small with approximately 2,600 users, but I've worked in companies with 20,000 to 100,000 users, and it scales beautifully without issues.

The setup complexity depends on your training. You need to understand what you're doing. I've seen many people trying to set up Windows Server as if it were Windows desktop. They don't properly manage permissions or understand the difference between local permissions and domain permissions. If you are properly trained and understand how permissions work, then setting up Windows Server isn't problematic. The installation itself is simple, as they have improved it significantly. However, the challenge lies in knowing which services, roles, and features to add afterward. Training is essential for these aspects.

I usually support it myself.

The return on investment is very good. You get a standard platform that is very secure and stable. The return on investment is very good.

The pricing is fair. There isn't much competition apart from Linux, which has support pricing rather than product pricing. Microsoft offers product pricing with licenses per processor and CAL licenses for accessing. The complexity of licensing can be difficult to understand for inexperienced users, but regarding pricing, there is no comparison.

I would rate Windows Server at seven because while it's not overly difficult to understand, the experience level matters significantly. For me, having started in 1993 with Windows Server, I do it from memory. I know what to set up, what services need to be running, and how to harden it.

I would recommend the product. Training is very important before implementation if you don't have previous experience, or alternatively, engage a consulting company that knows what they are doing for proper implementation. The overall rating for Windows Server is nine out of ten.

Positive

Positive